(Originally posted July 26, 2018, on Facebook; I’m reupping this here on the blog (with a few minor clarifications) to give it a little more reach.)

I’ve seen this article shared a great deal on social media today. Writer Michael Harriot claims to have found proof that Russia actually altered vote totals in the 2016 election to tilt the election to Trump. It proves a lot of things, but not that.

First, I’m not a computer scientist and don’t play one on social media. But I edited the 2004 book “Black Box Voting: Ballot Tampering in the 21st Century,” by Bev Harris and my good friend David Allen. (In a previous life, David did network security for banks. This is relevant because voting-machine maker Diebold also did bank networks.)

During that project I learned about the many vulnerabilities of electronic voting machines, and this Root article rehashes some of those. It also does a good job of documenting that the Russians had means, motive, opportunity and desire to alter the 2016 election results.

But despite the headline, this article does not provide any evidence, direct or circumstantial, that the Russians actually altered vote totals. It does not provide any evidence, direct or circumstantial, that the Russians deleted voter registration data so as to prevent a single person from voting.

To be clear, I think both those things probably happened. But this article doesn’t prove it, and neither has anyone else that I know of. And I’ve been looking for evidence of this since I started working on “Black Box Voting” more than 15 years ago.

And at this point, the question is irrelevant; the Constitution is silent on the question of undoing a stolen presidential election.

What is HIGHLY relevant, and quite urgent, is that we realize that it could happen (again) in 2018 and 2020 and take steps to prevent it. Off the top of my head, that means, among other things, paper ballots, publicly counted, and mandatory, rigorous election auditing up and down the ballot. These are things we still (barely) have time to make happen before November, and that’s where we ought to focus.

UPDATE, July 27: Having seen this Root article promoted on social media by such respected authorities as Sarah Kendzior, I’ve tried to contact her and a couple of others to make clear that, for lack of a better term, the headline writes a check the reporting can’t cash. I’ve gotten no response from anyone I contacted.

UPDATE, July 28: The Root has pulled the article pending review. Good.

Dolt 45’s poll numbers continue to tank, and the Senate Republicans’ “health care” plan is polling down around the levels of cat poop: As of earlier this week, only 12% of Americans supported it. But Republicans don’t seem overly worried about the 2018 or 2020 elections. There are a couple of reasons for this: They’re pretty confident they can use Trump’s new election commission to steal the elections, and they may even be relying on voting-machine hacking.

When Trump signed an executive order in May to form an election commission, he said it was “to promote fair and honest elections.” It’s not. Trump himself continues to say (if not believe) that he lost the popular vote because 3 to 5 million people voted illegally. (That’s despite the fact that documented cases of voter fraud in the U.S. are vanishingly rare — law professor Justin Levitt found 135 cases of vote fraud nationally out of 1 billion ballots cast between 2000 and 2014, while the Washington Post found four cases out of 135 million ballots cast in 2016.) He clearly wants this commission to try to find evidence to back up his claim.

To do that, he named perhaps the country’s most notorious vote suppressor, Kansas Secretary of State (and gubernatorial candidate) Kris Kobach, vice chair of the commission. Kobach made headlines this week by demanding voter registration data from all 50 states; more on that below. Let’s be blunt: If you’re interested in fair and honest elections, you don’t hire Kris Kobach. If, on the other hand, you’re interested in suppressing the votes of people who might be disproportionately inclined to vote Democratic, Kobach’s your guy.

As this New York Times profile from a couple of weeks ago indicates, Kobach is basically a Klansman without the n-bombs. (Hey, in his spare time he provides legal counsel to a hate group, as one does.) He’s also a committed ideologue who has never allowed the facts to get in the way of a good delusion, on voting or anything else. (Read that profile. Kobach is the kind of scary true believer who could get us into a nuclear war if he ever got elected president.)

Since being elected Secretary of State, he has enacted four measures in Kansas to restrict voting, and the ACLU whipped his ass in court on all four. Not only that, a federal judge fined him $1,000 for lying to the court about the contents of some of his documents. (I’d’ve jailed him for contempt and referred the matter to the state bar for additional sanctions, as well.)

Moreover, Kobach was the driver of the GOP’s notorious “Crosscheck” program in the 2016 elections. Crosscheck, in place in swing states including Wisconsin, Michigan, and North Carolina, ostensibly was intended to search voter-registration data for people who were registered to vote in multiple places and states, to ensure they voted only once. But in real life, its matching parameters were so loose — just a name and a date of birth — that the program generated roughly 200 false positives for every duplicate registration it detected.

Crosscheck has led to outrageous headlines that make double voting seem far more common than it is. In 2014, after North Carolina joined Crosscheck, the head of the state board of elections reported that in the 2012 general election, there were 35,750 voters in the state whose first and last names and dates of birth matched those of individuals who voted in the same election in a different state. Republican leaders of the North Carolina Legislature called it “alarming evidence of voter fraud,” and the conservative political strategist Dick Morris told Sean Hannity on Fox News, “It’s the most important data I’ve read in a year,” adding that it was “the first concrete evidence we’ve ever had of massive voter fraud.” But when North Carolina investigated the numbers using additional data like the last four digits of voters’ Social Security numbers, eight cases of potential double voting were referred to prosecutors and two people were convicted.

So, as we see, this is not a man who is disinterestedly pursuing free and fair elections. This is a man who is attempting to strike likely Democratic voters from the rolls, even when they are legally entitled to vote; indeed, as noted by former Justice official Sam Bagenstos, it appears Kobach intends for the commission to sue the states to force them to purge their voter rolls in the manner he favors. I note for the record that 18 USC 241 makes it a crime, punishable by up to 10 years in prison, to conspire to deny people their civil rights. And Kobach has been so wrong for so long on voting rights that it is difficult to understand his actions as anything other than intentional.

Also on the commission: Hans von Spakovsky, a former member Bush 43-era Justice Department official who also has a long history of vote suppression efforts under the guise of preventing vote fraud — indeed, Democrats successfully blocked his nomination to the Federal Election Commission in 2008 because of it. Like Kobach, von Spakovsky also has a certain morally casual attitude, as this 2006 Post article highlights:

When he was a senior lawyer in the Justice Department’s Civil Rights Division, Hans von Spakovsky played a central role in approving a controversial Georgia voter identification program over the objections of staff lawyers.

But now, after leaving Justice for the Federal Election Commission, von Spakovsky has acknowledged writing a law review article that endorsed photo identification, which was Georgia’s approach, before the state’s proposal was even submitted to Justice for review. He also took the unusual step of using a pseudonym, “Publius,” in publishing the article, which appeared in the spring 2005 issue of the Texas Review of Law & Politics.

The article and its unusual authorship prompted a letter of complaint to the Justice Department last week from the Voting Rights Project, an arm of the American Civil Liberties Union that is opposed to Georgia’s voter identification plans. The group said the article shows von Spakovsky had already made up his mind on the issue and that his attempt to hide his views may have violated Justice Department guidelines.

In addition, a link to the Publius article suddenly disappeared this week from the FEC Web site, which had featured the article among a list of von Spakovsky’s writings.

“There appears to have been an intentional desire to prevent the public and, in particular, advocates with business before the Voting Section, from knowing the views of one of the senior officials involved,” Neil Bradley, the ACLU group’s associate director, wrote in his letter to Justice.

Whether or not von Spakovsky did anything to merit discipline, this is not the behavior of someone with a disinterested desire for free and fair elections.

Earlier this week, as noted above, Kobach asked all 50 secretaries of state, who oversee voter registration in most states, for voter registration data, including not only such things as names, addresses and dates of birth but also political party, last four digits of Social Security number, and voting history since 2006.

It is hard to avoid the inference that Kobach intends to apply Crosscheck nationwide — basically doing for the country what he did for North Carolina and possibly illegally disenfranchising millions of Americans.

(Even if Kobach’s motives were above suspicion, Kobach appears to know nothing about how to transmit, store, and analyze data safely and securely — you don’t transmit sensitive data files by email, just for starters. In short, this national database, even if it weren’t being used for partisan purposes, would be an identity-theft catastrophe just waiting to happen, particularly given the unseemly closeness of others in this administration to the Russian government.)

To be clear, there is as yet no proof that anyone ever has successfully hacked a voting machine to alter or delete a ballot in a U.S. election. That’s a topic I’ve followed ever since editing the 2004 book “Black Box Voting: Ballot Tampering in the 21st Century,” by Bev Harris and David Allen (more on that here). But I’ve always believed it possible — the evidence that it’s doable is just too overwhelming. And that’s why you need robust election auditing, including but not limited to examining machines.

Funding for the Election Assistance Commission, which, among many other virtues, is the only U.S. government agency currently empowered to look into voting-machine hacking.

Partisan gerrymandering

Updating election equipment

Automatic voter registration

Requiring paper ballots instead of hackable machines

Requiring election audits

Expanding early voting opportunities

Expanding voting by mail

Increasing the convenience and accessibility of voting places

Reducing long lines and wait times at the polls.

Anyone seriously interested in helping authorized voters exercise their right to vote would be working on these issues. But that ain’t what Kobach’s commission is about. And that’s why it must be resisted. Otherwise, the Republicans will steal the upcoming elections and our 240 years as a democratic republic will be over.

One way or another, and maybe in more ways than one, the 2016 U.S. presidential election was stolen. There are several ways it could have happened — not did happen, but could have happened — so let’s look at them first.

We’ll start with FBI director James Comey’s late-October announcement that investigators were examining “additional evidence concerning Clinton’s use of a private email server.” And if we’re going to start there, we need to look at the context of that issue.

Yes, it was a dumb goddamned thing to do for Clinton to have used a private email server for government business. But some of her predecessors had done the same, including Colin Powell under President George W. Bush. And the W. Bush White House ran tens of millions of emails through a private server at the Republican National Committee without many complaints from the media or any complaints from Republicans. Meanwhile, Republicans conducted multiple congressional investigations in hopes of finding evidence of a crime, as did the FBI itself. And what did they all come up with? Bupkus.

An ABC/Washington Post tracking survey released Sunday [Oct. 30], conducted both before and after Comey’s letter was made public on Friday, found that about one-third of likely voters, including 7 percent of Clinton supporters, said the new e-mail revelations made them less likely to support the former secretary of state.

The poll found that Clinton received support from 46 percent of likely voters to Trump’s 45 percent, suggesting the race is a toss-up. That contrasts with the 12-point advantage that Clinton held in the same poll a week ago.

And what Comey did wasn’t just damaging, it was also wrong. He caught hell from some of his Justice Department colleagues for having spoken out so close to the election on a matter likely to influence it (such matters usually aren’t supposed to be discussed by federal investigators or prosecutors within 60 days of an election):

“I got a lot of respect for Jim Comey, but I don’t understand this idea of dropping this bombshell which could be a big dud,” said former federal prosecutor Peter Zeidenberg, a veteran of politically sensitive investigations. “Doing it in the last week or 10 days of a presidential election without more information, I don’t think that he should because how does it inform a voter? It just invites speculation … I would question the timing of it. It’s not going to get done in a week.”

Nick Akerman, a former assistant U.S. attorney in the Southern District of New York, was more critical: “Director Comey acted totally inappropriately. He had no business writing to Congress about supposed new emails that neither he nor anyone in the FBI has ever reviewed.”

“It is not the function of the FBI director to be making public pronouncements about an investigation, never mind about an investigation based on evidence that he acknowledges may not be significant,” Akerman added. “The job of the FBI is simply to investigate and to provide the results of its investigation to the prosecutorial arm of the U.S. Department of Justice. His job is not to give a running commentary about any investigation or his opinion about any investigation. This is particularly egregious since Secretary Clinton has no way to respond to what amounts to nebulous and speculative innuendo.”

That was also a theme of a former Justice Department and former Democratic Senatorial Campaign Committee spokesman Matthew Miller.

“The Justice Department’s longstanding practice is don’t do anything seen as trying to influence an election. That’s usually interpreted as 60 days, let alone 11. … It’s completely unfair to Secretary Clinton and it’s really unfair to the voters. There’s no reason he had to send this letter,” Miller told POLITICO.

So what Comey did was wrong and damaged Clinton’s chances. Was what he did solely responsible for her Electoral College loss? I won’t say that because I don’t think anybody has proved it, and I doubt anyone can. What I am confident in saying is that it eroded Clinton’s lead significantly, possibly enough to have contributed to some swing-state losses and enough to have hurt some downballot Democrats’ chances as well.

What else hurt Clinton, or might have? For the first time, we have credible evidence that Russia tried to interfere with the outcome of a U.S. presidential election. The most spectacular accusation is that Russia hacked enough voting machines to give Trump the win, and let me say right up front that I don’t necessarily buy it. I am, for the moment and pending further research, agnostic as to whether the Russians hacked any voting machines and/or vote-counting systems at all, let alone enough in swing states to tip the election to Donald Trump in the Electoral College. I just don’t know. But what do we know?

There were things about the differences between vote totals and exit polls — more on those in a second — that simply weren’t explainable by random chance, whether you think Russians were involved or not. Journalist Bill Palmer summarizes them pretty well here. As he says, they don’t conclusively prove that the election was rigged, but if the polling really was simply off, it should have been off in a different way.

And there are other discrepancies. A group of prominent computer scientists affiliated with the University of Michigan’s Center for Computer Security and Society is pressing Clinton to seek a recount in Wisconsin and Pennsylvania, which went to Trump, and Michigan, where votes are still being counted and it’s too close to call. Flipping those three states to Clinton would give her the White House. Again, the experts are not claiming they have proof of fraud, but they have found what they consider statistically suspicious differences in voting patterns in areas with electronic touch-screen machines compared with areas with other forms of vote tabulation. As I wrote this tonight, Jill Stein, former Green Party candidate for president, was pressing for a recount in those three states.

So although I am suspicious that the vote totals may have been monkeyed with by agents foreign and/or domestic, I grant that all the evidence — and there is a lot — is circumstantial, not directly probative. Therefore, as I said, I remain agnostic on that point, subject to the discovery of new information one way or the other.

So why am I stating as a fact that the election was stolen? Because while there’s some doubt about the shenanigans I’ve listed above, I am much more certain about another effort: Republican officials conspired to purge the voter rolls of a number of states in ways that overwhelmingly affected people likely to vote Democratic.

Journalist Greg Palast, whom I mentioned above, first documented in Chapter 1 of the first (2004) edition of his book “The Best Democracy Money Can Buy” how this approach was used in the run-up to the 2000 election to kick enough minority and other likely Democratic voters off the Florida voter rolls improperly — and I’ll explain “improperly” in a second — to have swung the vote totals there, and thus the 2000 election, to George W. Bush.

I say “improperly” for this reason. The purging was supposed to remove from the rolls primarily convicted felons who had not yet had their civil rights restored and people who were, inadvertently or otherwise, registered to vote in two different places at once. However, the database query used only the loosest matching criteria, so that fathers ended up being purged because of their felon sons with the same name and vice versa, the John Smith on Main Street was purged when it was the John Smith on Elm Street who was the felon, John Adam Smith got purged when the felon was actually John Benjamin Smith, and so on. This work was done by a contractor with ties to the family of George W. Bush and retained by W’s brother Jeb Bush, then governor of Florida.

The scheme worked then, so the Republicans decided to take it national. No sooner had the Supreme Court struck down parts of the Voting Rights Act, Palast has found in an updated version of his book, than in 2013 a group of Republicans led by Kris Kobach, secretary of state in Kansas (and more about him to come), developed a system called Crosscheck to apply the technique to more than a dozen other states (most controlled by Republicans), looking for people who were, or who appeared to be, registered in two different states. From Palast’s article in the Aug. 24 issue of Rolling Stone:

The data is processed through a system called the Interstate Voter Registration Crosscheck Program, which is being promoted by a powerful Republican operative, and its lists of potential duplicate voters are kept confidential. But Rolling Stone obtained a portion of the list and the names of 1 million targeted voters. According to our analysis, the Crosscheck list disproportionately threatens solid Democratic constituencies: young, black, Hispanic and Asian-American voters – with some of the biggest possible purges underway in Ohio and North Carolina, two crucial swing states with tight Senate races. (snip)

On its surface, Crosscheck seems quite reasonable. Twenty-eight participating states share their voter lists and, in the name of dispassionate, race-blind Big Data, seek to ensure the rolls are up to date. To make sure the system finds suspect voters, Crosscheck supposedly matches first, middle and last name, plus birth date, and provides the last four digits of a Social Security number for additional verification.

In reality, however, there have been signs that the program doesn’t operate as advertised. Some states have dropped out of Crosscheck, citing problems with its methodology, as Oregon’s secretary of state recently explained: “We left [Crosscheck] because the data we received was unreliable.”

In our effort to report on the program, we contacted every state for their Crosscheck list. But because voting twice is a felony, state after state told us their lists of suspects were part of a criminal investigation and, as such, confidential. Then we got a break. A clerk in Virginia sent us its Crosscheck list of suspects, which a letter from the state later said was done “in error.”

The Virginia list was a revelation. In all, 342,556 names were listed as apparently registered to vote in both Virginia and another state as of January 2014. Thirteen percent of the people on the Crosscheck list, already flagged as inactive voters, were almost immediately removed, meaning a stunning 41,637 names were “canceled” from voter rolls, most of them just before Election Day.

We were able to obtain more lists – Georgia and Washington state, the total number of voters adding up to more than 1 million matches – and Crosscheck’s results seemed at best deeply flawed. We found that one-fourth of the names on the list actually lacked a middle-name match. The system can also mistakenly identify fathers and sons as the same voter, ignoring designations of Jr. and Sr. A whole lot of people named “James Brown” are suspected of voting or registering twice, 357 of them in Georgia alone. But according to Crosscheck, James Willie Brown is supposed to be the same voter as James Arthur Brown. James Clifford Brown is allegedly the same voter as James Lynn Brown.

And those promised birth dates and Social Security numbers? The Crosscheck instruction manual says that “Social Security numbers are included for verification; the numbers might or might not match” – which leaves a crucial step in the identification process up to the states. Social Security numbers weren’t even included in the state lists we obtained.

We had Mark Swedlund, a database expert whose clients include eBay and American Express, look at the data from Georgia and Virginia, and he was shocked by Crosscheck’s “childish methodology.” He added, “God forbid your name is Garcia, of which there are 858,000 in the U.S., and your first name is Joseph or Jose. You’re probably suspected of voting in 27 states.”

Swedlund’s statistical analysis found that African-American, Latino and Asian names predominate, a simple result of the Crosscheck matching process, which spews out little more than a bunch of common names. No surprise: The U.S. Census data shows that minorities are overrepresented in 85 of 100 of the most common last names. If your name is Washington, there’s an 89 percent chance you’re African-American. If your last name is Hernandez, there’s a 94 percent chance you’re Hispanic. If your name is Kim, there’s a 95 percent chance you’re Asian.

This inherent bias results in an astonishing one in six Hispanics, one in seven Asian-Americans and one in nine African-Americans in Crosscheck states landing on the list. Was the program designed to target voters of color? “I’m a data guy,” Swedlund says. “I can’t tell you what the intent was. I can only tell you what the outcome is. And the outcome is discriminatory against minorities.”

Confronted by Palast, Kobach lied about his purge lists being publicly available and insisted that what was manifestly happening couldn’t possibly be.

In addition, some voters about whose eligibility someone raised a question were forced to cast provisional ballots which, in many cases, were never counted and which, in some cases, were simply thrown out, Palast found.

And that’s on top of the efforts by states to impose onerous voter-ID requirements and limits on early voting, both of which disproportionately affect young and senior voters, minorities and the poor — who disproportionately vote Democratic. The courts threw out some, but not all, of these changes, which carried the force of law and helped provide at least a small bit of help for the Republican ticket.

Palast has an updated version of his book out that discusses some of the 2016 fuckery, along with an identically titled documentary film that you can order on DVD from GregPalast.com or rent on Amazon or Vimeo.

Despite all of this, Hillary Clinton won the popular vote by more than 2 million votes (and counting, at this writing). She won more popular votes than anyone in history not named Barack Obama. But the GOP efforts provided a narrow edge — 1% or less — in a few key swing states to give the Electoral College vote, wrongly, to Trump. The question, which I’ll address in an upcoming post, is what can be done about it.

Like this:

Saturday, November 21, 2009 10:49 pm

I’ve been more or less involved in the issue of paperless touch-screen voting machines for — wow — coming up on seven years (how time flies when you’re having fun). From the outset, I never saw this as a partisan issue, if for no other reason than if machines can be manipulated or can malfunction during general elections, the same thing can happen during primaries. But for most of this time, there has been a pretty clear division between the two major parties regarding this subject: Democrats have tended to be more concerned about the dangers than Republicans.

Unlike a lot of activists, I never saw “black-box voting” as a Republican plot, and to this day I know of no conclusive proof that anyone has ever used these machines to manipulate an American election. I simply acknowledge that the possibility that it could happen is too great to be tolerated.

But I find it interesting, though not entirely unpredictable, that Republicans should start to get religion on this issue only after one of their own goes down in a high-profile, nationally watched election:

GOUVERNEUR, NY – The computerized voting machines used by many voters in the 23rd [Congressional] district [election on Nov. 3] had a computer virus – tainting the results, not just from those machines known to have been infected, but casting doubt on the accuracy of counts retrieved from any of the machines.

Cathleen Rogers, the Democratic Elections Commissioner in Hamilton County stated that they discovered a problem with their voting machines the week prior to the election and that the “virus” was fixed by a Technical Support representative from Dominion, the manufacturer. The Dominion/Sequoia Voting Systems representative “reprogrammed” their machines in time for them to use in the Nov. 3rd Special Election. None of the machines (from the same manufacturer) used in the other counties within the 23rd district were looked at nor were they recertified after the “reprogramming” that occurred in Hamilton County.

Once again: Vote security is not a partisan issue. It goes to the heart of our system of government and everyone ought to care.

Folks, this is not a calibration issue. This is not a glitch. It is poorly written software, pure and simple. If you vote on such a machine and it also has paper, be darned sure you check the paper after every single choice to make sure what you’ve chosen is what actually gets recorded on the paper.

Like this:

Wednesday, March 19, 2008 8:47 pm

At the request of election officials, the Ohio Bureau of Criminal Identification and Investigation has seized voting machines for forensic analysis and has launched a criminal investigation into the Franklin County Board of Elections.

The investigation was launched after Jennifer Brunner, Ohio’s Secretary of State and chief election official, found that a candidate’s name was marked as withdrawn on the electronic voting machine that she used during the recent primaries, an irregularity that was also reported by voters in other precincts. The state attorney general is now working with a team of computer forensic consultants to determine if there was any tampering.

Preliminary analysis conducted by specialists from SysTest Labs indicates that the internal audit capability of the Franklin County voting machines had been manually disabled by county election board programmers last year, making it almost impossible to tell if any nefarious changes have been made to the systems. SysTest also discovered that the election board had failed to adhere to routine machine testing standards and had tested only one machine in each precinct rather than all of the machines.

Ohio has seen one electronic voting disaster after another ever since counties in the state began adopting the technology. Two Cuyahoga election officials were convicted of rigging a recount in May 2004 because they literally admitted to doing precounts and displayed the evidence while being recorded on videotape. A different Cuyahoga county recount, for a November 2007 local election, was equally marred when Brunner turned the state’s voter-verifiable paper audit trail law into a mockery by conducting the recount with paper ballots reprinted after the election from voting machine memory cards.

After all of these incidents, Brunner launched a $1.9 million security review which determined that the voting machines used in the state are all egregiously insecure and susceptible to manipulation and outright fraud in numerous ways. The review produced over 1,000 pages of documentation describing the profound flaws that impact the systems.

Voter-verified paper ballots are the way to go. And if counting paper ballots takes a little while longer, so be it. We have way too many problems with voting in a country of our size and level of technological development, and this may be one case in which technology isn’t going to be helpful in ensuring that everyone’s vote is counted and counted correctly.

Wednesday, December 19, 2007 7:33 pm

The voting-machine industry’s long and mostly unsuccessful effort to prove its products aren’t utterly worthless if not corrupt has come a cropper this week as officials in both Ohio and Colorado are basically throwing them out. (h/t to Fred for the links)

As my friend David Allen has said (and likely would be saying now if his site weren’t down at the moment), how often do we have to be right before the politicians will listen? Touch-screen voting machines are unreliable (if not corrupt), the process that certifies them is riddled with flaws, and there are simpler and more accurate approaches readily available that will, along with robust auditing and recount policies, ensure the highest probability of an accurate vote count.

Tuesday, November 21, 2006 10:48 pm

Yes, but not enough to affect the outcome, says Rob Kall, relying on research by the Election Defense Alliance. I think the evidence is circumstantial but not, contra Kall, directly probative. Put another way, I am, as I always have been, agnostic on the question.

Like this:

Wednesday, November 1, 2006 5:14 pm

Oh, this is cute: Diebold, maker of, to be polite, flawed touch-screen voting machines, is threatening to sue HBO if it airs a documentary about the company.

As if.

Literally the last thing Diebold wants is lots and lots of subpoenas of all kinds of Diebold computer records and hardware, so that we can see what we can restore from “erased” hard drives, and lots and lots of questions having to be answered under oath by Diebold executives.

What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company’s internal computer network—to steal a statewide election? You might think I was crazy, or alarmist, or just talking about something that’s only a remote, highly theoretical possibility. You also probably would think I was being really over-the-top if I told you that, without sweeping and very costly changes to the American electoral process, this scenario is almost certain to play out at some point in the future in some county or state in America, and that after it happens not only will we not have a clue as to what has taken place, but if we do get suspicious there will be no way to prove anything. You certainly wouldn’t want to believe me, and I don’t blame you. …

Over the course of almost eight years of reporting for Ars Technica, I’ve followed the merging of the areas of election security and information security, a merging that was accelerated much too rapidly in the wake of the 2000 presidential election. In all this time, I’ve yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it’s time to hit the panic button: In this article, I’m going to show you how to steal an election.

Now can we please have voter-verified paper ballots and mandatory, robust auditing of all elections nationwide?

Tuesday, May 16, 2006 8:39 pm

You know what? Screw it. Just forget trying to make secure electronic voting machines. Just go back to paper ballots, counted at each precinct and again downtown, out in the open where anyone who cares can watch.

I know it's heresy for a journalist to say this, but frankly, if paper ballots would give us a more secure, transparent, auditable voting system than what we have now with DREs — and they would — I'm willing to wait a few more hours, or even a day or two, for accurate vote counts. As public policy goes, giving the voting-machine companies chance after chance after chance to get it right, only to be disappointed every single time, just strikes me as idiocy, if not insanity, at this point.

Like this:

Wednesday, May 10, 2006 9:29 pm

Regular readers know of my longstanding interest in fair, accurate, transparent voting. My friend David Allen has an even longer standing interest and a much lengthier history of involvement in the issue, including service on a special legislative committee that looked into the issue of touch-screen voting machines.

David recently took his involvement one step further by volunteering to be a field troubleshooter for one voting-machine company during North Carolina’s recent primary election. (Well, the company was paying him and he was going to turn the money over to charity, but now he’s just refusing it outright.) He has a report up on his voting site, BlackBoxVoting.com, on his recent experience, what it says about North Carolina’s recent, positive changes in the law regarding voting machines, and where the potential problems remain. It’s surprisingly upbeat — astonishingly so if you actually know David, who’s the only friend I have who consistently rivals me in terms of darkness of outlook. :-) It’s also interesting and informative. Check it out.

Like this:

Tuesday, January 24, 2006 10:09 pm

From commenter “clevershark” at Metafilter: “Yesterday we in Canada voted using the time-tested technologies of pencil and paper. Today we know who won the election. We know by how much. There is no dispute whatsoever. There may be a message in that.”

Ya think?

(To clarify: I don’t think all ballots should be pencil and paper. I do, however, believe touch-screen electronic machines are insecure and subject to unacceptable failure rates, and that if they are used they should generate a voter-verified paper ballot and that a robust auditing system be in place.)

Tuesday, November 15, 2005 8:12 pm

In Ohio, results on one referendum item come in within a percentage point of the Columbus Dispatch’s historically reliable pre-election polling … and results on four others come nowhere close … after the state adds 800,000 new touch-screen machines.

In New Mexico, elections officials are stonewalling discovery in a lawsuit pertaining to the vote totals in the 2004 presidential election. (If my math is right — always questionable — the outcome of the election would not be at stake either way. But from where I sit, that’s not the point and never has been.)

Folks, how much proof do you need that the world is round? And that paperless electronic voting machines are incredibly unreliable? And that for us to have confident in our voting system, that system must be completely transparent?

Like this:

Tuesday, July 12, 2005 8:47 pm

Voting-rights groups sued Florida election administrators on Wednesday to overturn a rule that prohibits manual recounting of ballots cast with touch-screen machines, a lawsuit with echoes of the state’s disputed 2000 presidential election voting.The lawsuit said the rule was “illogical” and rested on the questionable assumption that electronic voting machines perform flawlessly 100 percent of the time. It also said the rule violated a Florida law that expressly requires manual recounts of certain ballots if the margin in an election is less than 0.25 percent of the votes cast.

Court disputes over how to conduct manual recounts of punch card and absentee ballots delayed Florida’s results in the 2000 presidential election, which George W. Bush won after taking the state by 537 votes.

The lawsuit was filed against the Florida Department of State, which oversees elections and which issued the rule in April.

Plaintiffs included the American Civil Liberties Union of Florida, the nonpartisan political group Common Cause and other voter education and civil rights groups. The suit will be heard by the Division of Administrative Hearings in Tallahassee, the state capital.

The plaintiffs said in their suit the electronic voting machines were “known to malfunction and to be subject to malicious tampering.”

I might’ve made it “vulnerable to malicious tampering” because I don’t think we can prove such machines ever have been tampered with. But otherwise, good for the plaintiffs.

Because God forbid we count votes accurately or anything.

Share this:

Like this:

Tuesday, November 23, 2004 7:08 pm

Locally, my friend David Allen, owner of Plan 9 Publishing in High Point, publisher and co-author of “Black Box Voting: Ballot Tampering in the 21st Century” and editor of the ThoughtCrimes blog, has been named to a legislative study commission that will be looking at voting-machine problems in North Carolina. Before starting his publishing business, David did network security for banks for a lot of years. He’s sharp, he’s skeptical and, although quite a partisan liberal, he’s reality-based and sees this issue as utterly nonpartisan. The commission is lucky to have him.

Nationally, the Government Accountability Office (formerly the General Accounting Office), the nonpartisan investigative arm of Congress, said today it will be looking into voting irregularities in this year’s elections, including more than 57,000 complaints received by the House Judiciary Committee, according to this news release. GAO investigations are almost alone among government investigations for their high degrees of fairness and thoroughness. I don’t expect the findings of this investigation to change history — nor should you — but I hope and expect that it will shed detailed light on the (still far too many) problems remaining in our vote-counting systems.

Like this:

Friday, August 13, 2004 8:55 pm

From Wired.com, a report on what happened when voting-machine maker Sequoia tested a new touch-screen machine with voter-verifiable paper ballot for California officials last week:

… the machine worked fine when the company tested votes using an English-language ballot. But when the testers switched to a Spanish-language ballot, the paper trail showed no votes cast for two propositions.”We did it again and the same thing happened,” said Darren Chesin, a consultant to the state Senate elections and reapportionment committee. “The problem was not with the paper trail. The paper trail worked flawlessly, but it caught a mistake in the programming of the touch-screen machine itself. For some reason it would not record or display the votes on the Spanish ballot for these two ballot measures. The only reason we even caught it was because we were looking at the paper trail to verify it.”

The article goes on to quote a company official as saying that ballot-design error, not programming error, was to blame, and that such an error “would never happen in an election environment because of all the proofing that election officials do.”

State Senate aides watching the demonstration and Chesin “could not confirm this, however, since the company did not show them evidence of the digital votes stored on the machine’s internal memory.”

No voting system is foolproof. There’s no way to be 100% sure of preventing malfunctions, bad programming or even fraud. All you can do is create an audit system that makes it close to 100% sure that any discrepancy will be noticed. That’s the voter-verified paper ballot, the so-called “paper trail,” in a nutshell.

Monday, August 2, 2004 12:19 pm

The inflammatory headline above introduces what’s actually a long but nuanced article in The Nation about the perils of black-box voting. If you’re unfamiliar with the issue — and statistically speaking, there’s a decent chance you are — go check it out.

MIAMI, July 27 – Almost all the electronic records from the first widespread use of touch-screen voting in Miami-Dade County have been lost, stoking concerns that the machines are unreliable as the presidential election draws near.The records disappeared after two computer system crashes last year, county elections officials said, leaving no audit trail for the 2002 gubernatorial primary. A citizens group uncovered the loss this month after requesting all audit data from that election.

A county official said a new backup system would prevent electronic voting data from being lost in the future. But members of the citizens group, the Miami-Dade Election Reform Coalition, said the malfunction underscored the vulnerability of electronic voting records and wiped out data that might have shed light on what problems, if any, still existed with touch-screen machines here. The group supplied the results of its request to The New York Times.

“This shows that unless we do something now – or it may very well be too late – Florida is headed toward being the next Florida,” said Lida Rodriguez-Taseff, a lawyer who is the chairwoman of the coalition.

Remember, the goal here is not necessarily to prevent fraud (although VVPBs will make it harder, for sure), but to create an auditing system so strong that any fraud inevitably will be discovered. Congress and your state legislature will have to act to make that happen. For more information, go here. To join in an online letter-generating campaign (which I don’t endorse; I think personal letters are more effective), go here.

And my say is this: First, every American who values his right to have his vote counted owes Bev an enormous debt. Many, many people helped make the book “Black Box Voting” a reality and, more importantly, worked very hard to get the issue out in front of the public so that even the laziest media outlet could ignore it no longer. But if Bev hadn’t stumbled onto this story, and realized that it was a story that needed to be told, America might be at a very different and much more dangerous pass today.

To repeat my full disclosure: David Allen, a longtime friend of mine and the owner of Plan 9 Publishing, the book’s initial publisher, hired me to edit the book on a freelance basis. I took on this project with the prior knowledge and permission of the editor of my paper, with the understanding that doing so would bar me from involvement in any N&R coverage of the issue.

I took the assignment for several reasons. Although I’d been a newspaper editor for years, editing everything from breaking news to in-depth projects, I’d never edited a book and was curious to try. David was a friend and his enthusiasm for the project was infectious. Once David explained the book’s thesis to me, I knew enough about computers and their vulnerabilities to grasp at once the potential for enormous problems – put another way, yes, David sold the project to me, but its merits also allowed the project to sell itself.

I thought the likeliest outcome was that the book would sell a few thousand copies. What I hoped was that so many of those copies would find their way into the hands of political leaders and influential journalists/commentators that the issue might catch enough fire that the shortcomings in America’s voting system and the Help America Vote Act could be addressed in time for the 2004 general elections. Put another way, it might become the Velvet Underground of political books. The old saying about the Velvet Underground was that they never sold many records but that everyone who bought one went out and started a band. I hoped “Black Box Voting” might generate voting-rights activists at a rate of at least one or two per copy sold.

And although this wasn’t a big part of my thinking, I thought there was an outside chance that the book might be successfully marketed, via the Internet (particularly some influential Web logs), to a lot of people who wouldn’t ordinarily buy political books and become a bestseller. An outside chance, I emphasize, but a chance.

(I also thought there was at least a 40 percent chance I would never see a dime, although I can’t sit here and tell you now that I knew then what was going to happen.)

If you asked me to prioritize all these reasons, I’m not sure I could except to say that I believed this was a legitimate and crucial news story, one all the more remarkable in that the way Bev was getting help from and double-checking her work with computer experts in online forums made “Black Box Voting” arguably the first open-source investigative journalism project. So it had that little extra coolness factor going for it. In any event, it was an important, unique story, one in which I could play little or no role in my day job or a significant role as a freelancer. I signed on.

My dealings with Bev started well. They didn’t stay that way. The biggest problem was that she blew deadlines like Linda Lovelace, and I don’t mean that as a compliment. Originally, the project was supposed to be finished by the end of 2002. Then April 2003. Then September 2003. I didn’t finish editing and proofing until February of this year, by which time the primaries were under way and editing had to be limited pretty much to typos and misspellings. Those who know me professionally know how I feel about deadlines. Moreover, for purely practical reasons I had needed her to adhere to her deadlines: I already had a full-time job, kids and a wife who was working full-time and pursuing an MBA at the time, so I couldn’t just drop everything to edit a chapter immediately whenever Bev felt like dropping one my way.

Meanwhile, Bev’s relationship with David started to deteriorate. In hindsight, this began right around the time Bev and Jim March filed their qui tam suit in California, although I didn’t find out about that until it was unsealed a couple of weeks ago.

About the same time, Bev and David jointly decided to begin posting draft chapters of the book online for free download to deflect criticism that they were “only in this for the money.” I went along with this, even though it probably was going to mean less money for me, because I believed the issue was more important than my making a little money on the side. In fact, because of server problems Bev was encountering with bbv.org and because I wanted to make sure the book remained available even if voting-machine companies sued Bev, I posted copies for download on this blog, something neither of them asked me to do. (I took them down once enough mirror sites had cropped up that I was confident the book couldn’t be squelched.)

Long story short, earlier this year, Bev accused David of shortchanging her in some way. I don’t know the details, and I don’t want to know the details because I don’t want to have to spend time being deposed. And I don’t know who’s right, but I know this: I’ve known David Allen for more than 10 years, and if he took even one thin dime to which he was not legally and contractually entitled, I’ll be the most surprised person on the face of the planet.

Meanwhile, David directed me to some forum discussions at Democratic Underground, a Web site on which I’d never spent much time because, well, I’m a Republican. And to judge from what I read there, it seems that Bev has been accusing a lot of people who helped her with the book of a lot of things, including filing qui tam lawsuits themselves behind her back (no such suits have surfaced), and that these people are all loudly and publicly denying Bev’s accusations. (Read through this thread at Democratic Underground to see what I’m talking about. And you can see David’s response to Bev’s allegations on this thread.)

So, where are we today? Bev will be employed by a voting-rights nonprofit and stands to make a fair bit of money from her lawsuit. She has been either minimizing or denigrating, in public forums, the work of people she earlier had credited with helping her. Those people include me – depending on which Bev is talking, I either gave her no editing or lousy editing. (David Allen elaborates on this here, among other places.) David, who even Bev has conceded took a chance on the project when no one else would, appears to be headed to court with her. She’s getting pro bono legal representation, but David is having to pay a lawyer, out of consideration for which I haven’t pressed him yet for any payment under our agreement.

That’s pretty much the end of my part of this story. I’ll be happy to answer any questions. And don’t feel sorry for me. I never expected much out of this personally, and that’s what I’ve gotten. I’ve had false and uncomplimentary things written about me by better-known, more credible writers than Bev Harris in my career, and I’m still standing. I’m a big boy, and now that this post is about done I’ve pretty much moved on.

As for the other players, other than David, who’s still hanging in there, I never even met ’em. I hope they’re all as OK as I am.

Bev comes out of this with a decent job, a decent shot at a jackpot (even after lawyer’s fees, her take in the California suit could run into the millions) and success at her primary objective: Most importantly, she has raised public consciousness on an issue crucial to the survival of our democracy.

All it cost her was a couple of years of her life, a few thousand bucks and her soul. Based on my looks at the latter over the past 18 months or so, I’d say she got off cheap. But the cost to the country could be a lot greater: After the way Bev appears to have treated a number of her fellow activists, I bet a bunch of them stay home the next time democracy needs saving.

And if there’s one constant in this nation’s history, it’s that there will always be a next time.

SAN FRANCISCO – Electronic voting critics are suing Diebold Inc., alleging that the hardware and software company’s shoddy equipment exposed California elections to hackers and software bugs.California’s attorney general on Friday unsealed the lawsuit, among the first e-voting cases to rely on a legal provision for whistle blowers who help the government identify fraud.

Computer programmer Jim March and activist Bev Harris, who filed the case in November, are asking the state and counties to join the lawsuit. They’re seeking full reimbursement for Diebold equipment purchased in California. State election officials have spent at least $8 million on paperless touch-screen machines.

Because the suit relies on an obscure provision called “qui tam,” March and Harris could collect up to 30 percent of any reimbursement.

“This is about money now – a case of the capitalist system at work,” said March, a Sacramento computer enthusiast. “The laws on voting products and processes are unfortunately unclear. But the law on defrauding the government is really, really clear. Going after the money trail is cleaner than going after proper procedures.”

I will have much, much more to say about this in a few days. Unfortunately, I’ve got more pressing demands on my time at the moment.

Like this:

Thursday, July 8, 2004 8:27 pm

A federal district judge has ruled in favor of California’s new paper-trail reform in electronic voting:

Los Angeles – A federal judge ruled [Wednesday] that California Secretary of State Kevin Shelley’s requirements for additional security on electronic voting machines do not violate federal or state law. The Electronic Frontier Foundation, California Voter Foundation, VerifiedVoting.org, and Voters Unite! submitted a friend-of-the-court brief and a sur-reply in support of Secretary Shelley. The case is Benavidez v. Shelley.”This decision is a landmark,” said [Electronic Frontier Foundation] Legal Director Cindy Cohn. “The court said – in clear, unambiguous terms – that requiring a paper trail for e-voting machines is consistent with the ‘obligation to assure the accuracy of election results.’ That’s an enormous victory.”

Judge [Florence-Marie] Cooper wrote that the “defendant’s decision to decertify touch-screen voting machines and to withhold further certification until he is satisfied that manufacturers have complied with specified conditions is a reasonable one. It is based on studies conducted and information gathered which convinced him that the voting public’s right to vote is not adequately protected by the systems currently in place.”

This ruling is particularly significant because Secretary Shelley’s e-voting reforms are setting the tone for the national debate on this issue. He was the first state election official to issue a blanket requirement for voter-verified paper audit trails (VVPAT) on e-voting machines, though Nevada later followed suit. On April 30, after further review and a scandal with embattled voting machine vendor Diebold Election Systems, Shelley decertified all of the state’s e-voting machines until additional safeguards could be implemented. His responsiveness to the growing evidence of problems in e-voting systems has led to pressure in states like Maryland and Ohio, where similar evidence has been downplayed.

The ruling certainly is consistent with the facts and the law as I understand them. But this issue has been so obfuscated by opponents of reform that it’s still a bit surprising to see someone actually doing the right thing.

The gist is: The government hires some outstanding programmers. They write an operating system for voting machines, then place it online, where literally anyone can look at it, critique it, debug it, suggest improvements. It’s the principle that gave rise to the Linux computer operating system, and it’s particularly appropriate in this context because the system that counts our votes ought not be secret and proprietary.

It’s a key ingredient in the only formula that has a chance of guaranteeing accurate election totals: Voting must be auditable. Other essential ingredients: voter-verified paper ballots; intensive exit polling; widespread, random spot-check recounts; automatic recounts in close races; automatic recounts in the event of anomalies (e.g., vote totals differing significantly from exit polling); etc.

Auditable voting isn’t pie in the sky; we have the technology and know-how right now, today. We just need the will, and the impertinence to ask anyone who opposes it why they don’t want votes counted accurately and so, by extension, hate America.

Like this:

Thursday, April 22, 2004 8:33 pm

California’s Voting Systems and Procedures panel recommended today, by an 8-0 vote, that the secretary of state should ban 15,000 Diebold touch-screen voting machines from this fall’s elections. It also recommended that a state report on alleged failings of Diebold in California be forwarded to the attorney general’s office for possible criminal charges against the company.

Friday, January 30, 2004 9:42 pm

For a week, the computer whizzes laid abuse – both high- and low-tech – on the six new briefcase-sized electronic voting machines sent over by the state.One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once – and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

“My guess is we’ve only scratched the surface,” said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency.

He is now a director at RABA Technologies in Columbia, the firm that the state hired for about $75,000 to look at Maryland’s new touch-screen voting machines scheduled to be unveiled in nearly every precinct in Maryland for the March 2 primary. …

Wertheimer said it would take nearly a complete rewrite of the computer code to fix the machines’ flaws. …

Diebold “basically had no interest in putting actual security in this system,” said Paul Franceus, one of the consultants. “It’s not like they did it wrong. It’s like they didn’t bother.”

Which, you know is nothing except what Bev and David and a lot of other people have been saying for more than a year.